Posting w/o checking facts

[Harry Hoffman <hhoffman () ip-solutions net>]

Hi,

Ok, I didn't think this needed to be said but why the hell are ppl 
posting exploits without doing any actual testing?

WTF is up with that. Umm, ok I can say that XYZ is a problem cause it 
"looks like it may be one".

NO, YOU CAN'T!!!! Or rather you can but then when everyone says your 
name while trying to hold back a snicker don't seem surprised.

If you think something is a problem then test it! If you can't test it 
than say so *clearly* in your post.

Making wild claims that a users' session can be hijacked or that you can 
force your way into the xyz system without testing makes you sound 
stupid (usually with good reason).

There have been at least three posts within the past couple of weeks 
that make claims that are questionable at best and certainly don't come 
with proof (or even anything that might closely resemble anything near 
proof).

My $0.02 cents (and I'm sure others will share one way or another) ;-)

--Harry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html